This is another awesome book I recently found while trying to validate some knowledge for my next blog post. This is the definitive book for understanding today’s malware distribution networks and how they operate.
I have spent a considerable amount of time researching and working with technologies aimed at recognizing Malware Delivery Networks and this is the book to learn everything you need to know about the subject without the painful experience of scattered resources.
If you are working as a threat intelligence analyst or SOC analyst, this book must be on your shelf, no exaggeration.
The most interesting chapters for my validation work were chapter 2 (Proxy Deployment and Challenges), chapter 4 (Malware and Malware Delivery Networks), and chapter 5 (Malnet Detection Techniques).
The book isn’t a practical book, but if you have been hunting or dealing with incidents related to malware, it will help you better understand how to defend and how to interpret the data provided by different solutions such as AV, OSINT and Passive DNS. Understanding the dynamic nature of today’s MDNs, and how they change to avoid detection, will help you interpret the results from your tools better, and to detect and block these persistent threats.